Process Monitoring on Sequences of System Call Count Vectors

Dymshits, Michael, Myara, Ben, Tolpin, David

arXiv.org Machine Learning 

System call streams are enormous, so an efficient representation is needed whose performance guarantees do not depend on the level of activity on the host. Some earlier work processed sequential streams of system calls directly [1], [2], which does not scale well: a single process can produce tens of thousands of system calls per second, and hundreds of processes run on each host, or endpoint. Other approaches compute frequencies of short sequences (n-grams) of system calls over a fixed time window [3], [4], but information about the temporal dynamics of the process is then lost. Furthermore, for both security and performance reasons, some of the processing is moved from the monitored host to the monitoring server, a separate machine dedicated to the monitoring task. This imposes additional restrictions on the amount of data that can be collected: on the one hand, the network load must stay within the allowed limits; on the other hand, the machine executing the monitoring task must be able to process data from multiple hosts in the network. In this paper we introduce a new methodology for monitoring networked computer systems based on system calls.
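As an added illustration (not code from the paper), the following Python builds the sequence of per-window system call count vectors the title refers to and shows why its size does not depend on the call rate. The syscall alphabet, the "other" bucket, the one-second window, the uint32 wire encoding and the sample event stream are all constructed assumptions for this example.

```python
import math
import struct
from typing import Iterable, List, Sequence, Tuple

# Fixed alphabet of monitored system calls plus an "other" bucket for calls
# outside it (constructed for this example; the paper's alphabet is not given).
SYSCALLS: Sequence[str] = ("read", "write", "openat", "close", "mmap", "connect")
OTHER = len(SYSCALLS)                 # index of the catch-all bucket
DIM = len(SYSCALLS) + 1               # vector length, independent of activity
INDEX = {name: i for i, name in enumerate(SYSCALLS)}

Event = Tuple[float, str]             # (timestamp in seconds, syscall name)


def count_vectors(events: Iterable[Event], window: float,
                  start: float, end: float) -> List[List[int]]:
    """Aggregate one process's events into consecutive windows covering [start, end).

    One DIM-sized count vector per window; idle windows yield all-zero vectors,
    so the ordering (bursts, silence, activity shifts) is preserved while the
    per-window representation keeps a fixed size.
    """
    n_windows = math.ceil((end - start) / window)
    vectors = [[0] * DIM for _ in range(n_windows)]
    for ts, name in events:
        if not start <= ts < end:
            continue                                   # outside the monitored span
        w = min(int((ts - start) // window), n_windows - 1)
        vectors[w][INDEX.get(name, OTHER)] += 1
    return vectors


def encode(vectors: List[List[int]]) -> bytes:
    """Pack the sequence as little-endian uint32 counts for shipping to the
    monitoring server; size is n_windows * DIM * 4 bytes whatever the call rate."""
    return b"".join(struct.pack(f"<{DIM}I", *v) for v in vectors)


# Constructed sample stream for one process: a burst, a quiet window, then
# a call ("ioctl") that is not in the alphabet and lands in the "other" bucket.
SAMPLE_EVENTS: List[Event] = [
    (0.10, "openat"), (0.12, "read"), (0.15, "read"), (0.20, "close"),
    (1.05, "mmap"), (1.30, "connect"), (1.31, "write"), (1.50, "write"),
    (3.02, "read"), (3.40, "ioctl"),
]

if __name__ == "__main__":
    seq = count_vectors(SAMPLE_EVENTS, window=1.0, start=0.0, end=4.0)
    for i, v in enumerate(seq):
        print(f"window {i}: {v}")
    print(f"{len(encode(seq))} bytes for {len(SAMPLE_EVENTS)} calls")
```

A process making a thousand times more calls in the same interval still yields the same number of vectors of the same dimension, which is what bounds both the collection cost on the host and the network load to the monitoring server.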
